|
midrange.com
Why is removing command line access NOT an option?
What does being at QSECURITY level 30 mean ?
What type of Profile is the owner of the program (AMAPICS) ? User, SECOFR? etc
>>> "Burns, Bryan" <burnsbm@echoincorporated.com> 01/26/01 03:06PM >>>
Removing command line access is not an option.
We are at QSECURITY level 30.
Here are most profile attributes and a DSPPGM of the initial menu.
User profile . . . . . . . . . . > JILLH
User password . . . . . . . . . *SAME
Set password to expired . . . . *NO
Status . . . . . . . . . . . . . *ENABLED
User class . . . . . . . . . . . *USER
Assistance level . . . . . . . . *SYSVAL
Current library . . . . . . . . *CRTDFT
Initial program to call . . . . EX400C
Library . . . . . . . . . . . ECALIB
Initial menu . . . . . . . . . . *SIGNOFF
Library . . . . . . . . . . .
Limit capabilities . . . . . . . *PARTIAL
Special authority . . . . . . . *NONE
+ for more values
Special environment . . . . . . *NONE
Display sign-on information . . *YES
Password expiration interval . . *SYSVAL
Limit device sessions . . . . . *NO
Keyboard buffering . . . . . . . *SYSVAL
Maximum allowed storage . . . . *NOMAX
Highest schedule priority . . . 3
Job description . . . . . . . . QDFTJOBD
Library . . . . . . . . . . . QGPL
Group profile . . . . . . . . . *NONE
Owner . . . . . . . . . . . . . *USRPRF
Group authority . . . . . . . . *NONE
Group authority type . . . . . . *PRIVATE
Supplemental groups . . . . . . *NONE
+ for more values
Accounting code . . . . . . . . *BLANK
Document password . . . . . . . *SAME
Message queue . . . . . . . . . JILLH
Library . . . . . . . . . . . QUSRSYS
Delivery . . . . . . . . . . . . *NOTIFY
Severity code filter . . . . . . 0
Print device . . . . . . . . . . PRTP0
Output queue . . . . . . . . . . *WRKSTN
Library . . . . . . . . . . .
Attention program . . . . . . . *NONE
Library . . . . . . . . . . .
Program . . . . . . . : EX400C Library . . . . . . . : ECALIB
Owner . . . . . . . . : AMAPICS
Program attribute . . : CLP
Program creation information:
Program creation date/time . . . . . . . . . . . : 10/03/96 10:00:16
Type of program . . . . . . . . . . . . . . . . : OPM
Source file . . . . . . . . . . . . . . . . . . : SOURCE
Library . . . . . . . . . . . . . . . . . . . : ECALIB
Source member . . . . . . . . . . . . . . . . . : EX400C
Source file change date/time . . . . . . . . . . : 10/03/96 09:59:36
Observable information . . . . . . . . . . . . . : *ALL
User profile . . . . . . . . . . . . . . . . . . : *OWNER
Use adopted authority . . . . . . . . . . . . . : *YES
Log commands (CL program) . . . . . . . . . . . : *JOB
Allow RTVCLSRC (CL program) . . . . . . . . . . : *YES
Fix decimal data . . . . . . . . . . . . . . . . : *NO
Bryan Burns
Echo, Inc.
Lake Zurich, IL
Burnsbm@echoincorporated.com
-----Original Message-----
From: fiona.fitzgerald@notes.royalsun.com
[SMTP:fiona.fitzgerald@notes.royalsun.com]
Sent: Friday, January 26, 2001 11:09 AM
To: MIDRANGE-L@midrange.com
Subject: Re: Changing user profiles without *SECADM; adding
*SECADM without ev en having *SECADM
Bryan,
If the user doesn't need a command line, you could change their
profile to LMTCPB(*YES), which will prevent them from invoking a
command
line.
Might the initial object be owned by a profile with *SECADM
authority ?
They might be inheriting authority from it ? Do they have an initial
pgm
or an initial menu ? I'd like to see all the usrprf attributes.
By the way, what security level are you at ? (DSPSYSVAL QSECURITY).
Fiona Fitzgerald,
Dublin
Bryan Burns wrote:
We have a user profile with special authority *NONE that can do a
CHGUSRPRF
and add *SECADM special authority to another profile. This is done
from a
command line on the initial menu. This initial menu has three
options:
EXECUTE OFFICE, EXECUTE MAPICS, and SIGN OFF.
How is this possible? We are on V4R4 and at cume level CO252440.
The profile in question has USER CLASS *USER, GROUP PROFILE *NONE,
OWNER
*USRPRFand LIMIT CAPABILITIES *PARTIAL.
I think this may be due to adopted authority, but I am not a
programmer and
I have dug as far as I can into this. Can someone shed some light
on this?
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to
MIDRANGE-L@midrange.com.
| To subscribe to this list send email to
MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
